Modernizing Authentication — What It Takes to Transform Secure Access
Eastern Washington University this week is notifying more than 130,000 current and former students that their personal information -- including Social Security numbers and birth dates -- may have been accessed by a hacker sometime in the past year.
University officials said they discovered the data breach during an assessment of the school's network last month. The IT staff also discovered that the hacker has installed software to store and share video files on the school's systems.
Eastern Washington University, located in Cheney, Wash., is one of dozens of college and universities to fess up to massive data breaches in the past year.
"EWU regrets that anyone's personal information may have been subject to unauthorized disclosure," President Rodolfo Arevalo said in a statement. "The university is taking this matter seriously and is committed to maintaining everyone's privacy."
He added, "Eastern is continually putting new measures in place to protect personal information and will do everything it can to protect against further intrusions."
School officials this week began notifying the students -- some who attended the university as far back as 1987 -- of the security breach. It also set up an informational Web site for current and former students who may have been affected.
Thus far, there's no evidence that the hacker has used any of the student data for nefarious purposes.
Washington is one of 45 states that require companies, universities and organizations to notify people when their personal or financial information is accidentally or deliberately compromised.
In December, a North Carolina community college system warned thousands of students, faculty and local residents that a hacker had somehow infiltrated the server hosting data collected from the system's 25 libraries.
In April, University of California at Berkeley officials said hackers infiltrated a healthcare database containing the personal information of more than 160,000 students dating back to 1999.
In September, the University of North Carolina's radiology department discovered that hackers may have compromised a server containing the personal data of more than 163,000 women participating in a mammography research project.
Similar attacks were reported this year at Penn State University, Montana State University, the University of Michigan, Eastern Illinois University and the University of Alabama.
IT security experts say colleges and universities are particularly attractive to hackers because research computers have Internet access, abundant processing power and, obviously, tons of data because they're constantly conducting large-scale research projects.
Larry Barrett is a senior editor at InternetNews.com. Based in Las Vegas, Larry covers IT management, enterprise software, services, and security.